PUSHDO: The New SSL DDoS

The Central Intelligence Agency, PayPal, and hundreds of other organizations are under an unexplained assault that’s bombarding their websites with millions of compute-intensive requests.

The “massive” flood of requests is made over the websites’ SSL, or secure-sockets layer, port, causing them to consume more resources than normal connections, according to researchers at Shadowserver Foundation, a volunteer security collective. The torrent started about a week ago and appears to be caused by recent changes made to a botnet known as Pushdo

Due to recent events in my personal history, the whole issue of the return of the DDoS kinda has new meaning for me. This particular attack is an interesting one as well are the choices of targets here. Why choose the CIA and Ebay? Seems somewhat random to me, could they be part of a bigger picture or just a randomized set of attacks to test something?

Have we reached a point where the best recourse for these kiddies is to just DoS things offline here and there for kicks? Could a concerted effort of DoS actually effect change or damage to a company enough to make them change? I really wonder just what the hell the fascination with DDoS is other than just a juvenile one.

Of course a DDoS could be used as a precursor to actual warfare or in tandem with it, but really, this does not seem the type of thing that is happening here. Now, were the attackers looking to cause mass outages on infrastructure or commerce sites as a method of attack on the economy.. Well that might be an interesting scenario.

What is different with this attack is the SSL angle. This one is a new one and could really hork up a site pretty well for some time. Passing junk data and locking sessions could really bring a big boy down. Even with load balancing I think this could likely cause some real down time.